[PLUG] Is there a better name for...

JP Vossen on 23 Mar 2011 13:23:34 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Is there a better name for...

From: JP Vossen <jp@jpsdomain.org>
To: plug@lists.phillylinux.org
Subject: [PLUG] Is there a better name for...
Date: Wed, 23 Mar 2011 16:23:28 -0400
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.14) Gecko/20110223 Thunderbird/3.1.8

...a "log check"?

I've talked about this before, there is a package in Debian & Ubuntu,and a project site:

* logcheck - mails anomalies in the system logfiles to the administrator
* http://logcheck.org/

The idea is simple at a high level and works really well, though therecan be implementation gotchas.


You take your logs, or output, or whatever and:
1) Remove stuff you recognize and don't care about
2) Find stuff you *know* is bad, but then remove stuff that only *looks* bad
3) Take the remainder

So you end up with 2 buckets:
A) Stuff you know is bad
B) Stuff you don't recognize (so either it's bad or you tune it out)

Then over time you tune your patterns (usually regular expressions) toreduce "B."

This turns out to be really useful for log monitoring, or handling theoutput from long noisy processes (like compiles that don't set good exitcodes).

To the best of my knowledge [1], Marcus J. Ranum and Fred Avolio wrotethe oldest implementation in this context with the 'frequentcheck.sh'script for TIS Gauntlet, circa early 1990's. But it seems like itshould be a basic sort of "Computer Science" thing, related to filteringor something. So, can anyone think of a better name and/or olderexample for this process or concept?



Thanks,
JP
____________________
Footnote:
[1] http://logcheck.org/docs/README-psionic
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Is there a better name for...
  - From: Doug Stewart <zamoose@gmail.com>
- Re: [PLUG] Is there a better name for...
  - From: Morgan Jones <morgan@morganjones.org>
- Re: [PLUG] Is there a better name for...
  - From: bergman@merctech.com
- Re: [PLUG] Is there a better name for...
  - From: "K.S. Bhaskar" <bhaskar@bhaskars.com>
- Re: [PLUG] Is there a better name for...
  - From: JP Vossen <jp@jpsdomain.org>

Prev by Date: Re: [PLUG] Asterisk advice
Next by Date: Re: [PLUG] Is there a better name for...
Previous by thread: [PLUG] nullmailer & ssmtp
Next by thread: Re: [PLUG] Is there a better name for...
Index(es):
- Date
- Thread